aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* Remove unused word8_muladd from MSVC x86-32 asmJack Lloyd2015-12-191-84/+0
| | | | GH #363
* Merge the openssl code together.Jack Lloyd2015-12-1910-37/+17
| | | | | | | Having the code diffused all over the place was ugly and would not scale well to multiple alternative providers. GH #368
* Remove all remaining uses of throwing a std:: exception directlyJack Lloyd2015-12-197-16/+17
| | | | See GH #340 and 6b9a3a5 for background
* CLI rewriteJack Lloyd2015-12-197-205/+50
| | | | | | | | | | | | | | | | | | The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto. Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend. Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included! Removes the fuzzer entry point since that's fairly useless outside of an instrumented build. Removes the in-library API for benchmarking.
* Enable RdRand on Windows/MSVCDaniel Neus2015-12-161-0/+1
|
* Add missing include in dyn_load.cppSimon Warta2015-12-121-0/+1
|
* Build fix. Add SQL_DB_Error exception typeJack Lloyd2015-12-112-9/+18
|
* Disable asio serial port support to avoid Darwin braindamage. GH #350Jack Lloyd2015-12-111-1/+9
|
* Missing addsJack Lloyd2015-12-1123-29/+27
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-1172-167/+178
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Minor sanity updates for OctetStringSimon Warta2015-12-092-23/+24
|
* Add OS utility headerJack Lloyd2015-12-056-102/+191
| | | | | | | | Provide abstractions for the locking allocator (allocate and free locked pages) to decouple it from the platform dependent code. Should make it easy to write a Windows version using VirtualAlloc+VirtualLock. Exposes max mlock limit as a build.h toggle
* Make portable GCM multiply operation run in constant time.Jack Lloyd2015-12-041-9/+16
| | | | Checked with ctgrind
* Merge pull request #321 from matejk/fix_algo_registry_locking_windowsJack Lloyd2015-12-041-6/+54
|\ | | | | Algo_Registry: Use CRITICAL_SECTION on Windows to prevent hang during initialization
| * Added myself to credits/copyright.Matej Kenda2015-11-201-0/+1
| |
| * Merged two sections of Botan namespace as suggested by randombit. ↵Matej Kenda2015-11-191-5/+4
| | | | | | | | Preprocessing sections are now split in two.
| * Merge branch 'master' of github.com:randombit/botan into ↵Matej Kenda2015-11-1932-141/+161
| |\ | | | | | | | | | fix_algo_registry_locking_windows
| * | Fixed default ctor for WinCS_MutexMatej Kenda2015-11-041-1/+1
| | |
| * | #321: changed implementation of CriticalSection locking in algo registry.Matej Kenda2015-11-041-34/+38
| | |
| * | Algo_Registry: Use CRITICAL_SECTION instead of std::mutex to prevent hang in ↵Matej Kenda2015-11-031-5/+49
| | | | | | | | | | | | DllMain when initialising global constants.
* | | Remove support for broken 112 and 128 bit SECP ECC groups.Jack Lloyd2015-12-022-50/+2
| | |
* | | Add update overload taking std::string to PK_Verifier and PK_SignerJack Lloyd2015-12-021-1/+19
| | | | | | | | | | | | Because convenient
* | | Avoid ever returning 0 from CPUID::cache_line_sizeJack Lloyd2015-12-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Take the value from build.h if we have no way of getting it dynamically. Fixes an infinite loop in AES on non-x86 introduced in ebf2164a, as otherwise it does for(size_t i = 0; i != ...; i += 0) {} while iterating over the TE tables.
* | | Add more workfactor estimate helpers.Jack Lloyd2015-11-296-32/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifically a named one for integer factorization (despite using same formula as DL calc) which incorporates the k value from RFC 3766. Also adds dl_exponent_size which returns the exponent size, this one ignores k thus using a ~10 bit larger exponent than strictly necessary. Adding in k downgrades 1024 bit RSA to exactly 80 bits, which is probably about right.
* | | Improve side channel attack resistance of table based AES implJack Lloyd2015-11-292-416/+164
| | |
* | | Add differential compression test.Jack Lloyd2015-11-281-1/+1
| | | | | | | | | | | | | | | Change getrusage output to static system data since it is sparse and changes rarely, and so actually does trigger the differential test.
* | | Push the hardcoded entropy estimates up to build.hJack Lloyd2015-11-2810-70/+58
| | | | | | | | | | | | Defaults should be fine for everyone but it makes the values more transparent
* | | Merge pull request #320 from matejk/fix_crash_in_comp_filterSimon Warta2015-11-261-0/+7
|\ \ \ | | | | | | | | Fixed crash in compression filter when transform argument is null.
| * | | Compression filter: Reorganised verification order of transform.Matej Kenda2015-11-261-4/+6
| | | |
| * | | Fixed crash in compression filter when transform argument is null.Matej Kenda2015-11-031-1/+6
| |/ /
* | | New reseed_with_sources call on RNGsJack Lloyd2015-11-2430-140/+305
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provides an easier way for an application to configure a list of entropy sources they'd like to use, or add a custom entropy source to their seeding. Exposes some toggles for the global/default entropy sources to build.h Adds basic entropy tests which runs the polls and does sanity checking on the results, including compression tests if available. These are less useful for the CSPRNG outputs but a good check for the ones producing plain ASCII like the /proc reader.
* | | Remove bogus code from generic mp_madd header, noticed on PPC build.Jack Lloyd2015-11-232-5/+6
| |/ |/| | | | | Also fix a few cast and zero-as-nullptr warnings in the AltiVec header
* | Remove mul128.h header from public viewJack Lloyd2015-11-163-19/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The only reason mul128.h was included in mp_types.h was for the definition of dword. But dword is only needed by the generic version of mp_madd, which is an internal header. So move both the inclusion of the header and the dword definition to there. Previously mul128.h was very public (mp_types.h to bigint.h to rsa.h, for example) and use of __int128 causes problems in pedantic mode. So additionally, prefer using the TI attribute version since GCC does not complain about that. Clang's -Wpedantic does not seem to care about it either way. GH #330
* | Fix bug causing TLS client to sometimes reject DHE server kexJack Lloyd2015-11-132-35/+16
| | | | | | | | | | | | Re-encoding the server key exchange meant that any leading zeros in the values for DHE (or SRP) would be stripped out. This would cause the signature check to fail.
* | Add remove_all to TLS session manager interfaceJack Lloyd2015-11-138-48/+67
| | | | | | | | DB::spin now returns the number of rows affected
* | Remove call to abort on a zero point in PointGFp::get_affine_{x,y}Jack Lloyd2015-11-131-4/+0
| |
* | Drop the DH group check to a weaker version of the checksJack Lloyd2015-11-131-2/+3
| | | | | | | | since the primality tests are expensive in CPU time.
* | Add TLS_PSK testsJack Lloyd2015-11-133-14/+5
| | | | | | | | | | | | | | | | | | | | | | Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
* | Add missing overridesJack Lloyd2015-11-112-2/+2
| |
* | Update and consolidate the test framework.Jack Lloyd2015-11-1110-11/+29
| | | | | | | | | | | | | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* | Add check for path validation result in Credentials_Manager. GH #324Jack Lloyd2015-11-043-6/+12
|/
* Remove unused xor_buf.h (internal header merged into mem_ops.h)Jack Lloyd2015-10-271-144/+0
|
* Fix McEliece key gen endian dependency.Jack Lloyd2015-10-273-20/+27
| | | | | | | | | | | The tests which generate McEliece keys using a deterministic RNG and fixed seed failed on PowerPC (or other big endian systems) because the vectors assumed we were creating elements little endian, which is what happend with rng.randomize(&u16, 2) on x86 Fix it to always be little endian. No particular reason to prefer one vs the other here (we're just trying for compatability with ourselves) and choosing little endian avoids having to regen the vectors.
* Compile fixJack Lloyd2015-10-261-1/+1
|
* Merge pull request #314 from randombit/ct-tls-cbc-paddingJack Lloyd2015-10-2621-210/+447
|\ | | | | TLS improvements
| * Missing include dependencyJack Lloyd2015-10-261-1/+1
| |
| * Asan fix - referencing &vec[vec.size()] instead of vec.end()Jack Lloyd2015-10-263-39/+22
| | | | | | | | Convert to a const time algo
| * TLS improvementsJack Lloyd2015-10-2519-170/+424
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Add missing includeJack Lloyd2015-10-261-0/+1
| |
* | Merge pull request #313 from randombit/path-validation-fixesJack Lloyd2015-10-2610-104/+186
|\ \ | | | | | | Fix cert validation bugs found by x509test.